You can mitigate flaws, including approving and rejecting existing mitigations, from within Eclipse.
Before You Begin
- You must have the Mitigation API role.
- You have imported the Veracode scan results, which appear in the Results view in Eclipse.
Overview
From within your IDE, you can comment on a flaw and set the mitigation status as:
- Potential false positive
- Design
- OS environment
- Network environment
- Mitigate by design
You can also accept or reject a flaw already flagged as mitigated.
Steps
-
In your IDE, select Veracode > View Results.
-
From the Results window, in the Flaw ID column, select the checkbox next to one or more flaws that you want to mitigate.
-
From the Actions dropdown menu, select a mitigation action and click Mitigate.
-
In the Flaw Mitigation Request window, enter your comments.
-
Click Continue.
-
If you see an access denied error message, check for these issues, resolve them, and try to mitigate again:
- There is a policy or sandbox scan in progress for the application.
- You are not working with the most recent scan results.
- You do not have the Mitigation API role.
- Another user has locked the flaw in the Veracode Platform.